Tuesday, June 18, 2013

Is 2013 Half Empty or Half Full?

It certainly has been a wild ride thus far for 2013 as we head into the second half. Breaches, hacks, exposures, leaks, along with things like BYOD and SDN should make the next 6 months interesting. From the many headlines in 2012, you'd think organizations would be locked down tight but alas, intruders are still kicking a$$ and taking names...literally.

Media and news organizations, like the New York Times and Wall Street Journal, experienced data breaches due to spear phishing and malware. According to various news articles, certain journalists were targeted based on their story coverage, but more interesting to me is the fact that the anti-virus along with the IPS/IDS in place failed to catch the malware. Unless there is a signature in place for a known piece of evil code, that demon will make its way through.

Financial institutions up to and including the Federal Reserve were breached. While many bank hacks are driven by monetary gain, sometimes they are the targets of political activists. Humans are very passionate about their beliefs and like to express those feelings. There have always been protesters and activists - some write letters, some picket on the sidewalk, some throw rocks, and with the advent of the internet, now you can protest by creating digital havoc. Instead of hoping that people boycott a particular entity, you can simply take it out yourself so no one can get to the site.

Social media networks continue to feel the heat from breaches. Many social media sites are now deploying two-factor authentication to help reduce password exposures and increase verification checks. Many news stories have talked about password usage and it's good that two-factor is being deployed...but, in many cases, it is only after the bad news hits the media. Why wait?

These are guides to help organizations understand the threats, but always make sure you understand your own risks and focus on mitigating those first, whether they are on the OWASP Top 10 or not. Then make sure you're covered on the rest.

So far, 2013 has been full of breaches that empty an organization's information.